Overview

overview

10

Static

static

order.scr

windows7-x64

1

order.scr

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    order.scr

  • Size

    1.0MB

  • Sample

    220915-lzx87agdaj

  • MD5

    485bbc528dcaa74633658a8fd8fd8c31

  • SHA1

    86974b769a62440f1a0653c1dd98adeb61cad794

  • SHA256

    a21ab3934d22b88cfcabfc0521a8974679b582f4c6691d3ef1ed9721da5d3f5c

  • SHA512

    389fa973415ed9385d8745934eb1145fe1d57409ff4db26bb4b22040c297a1ad99179796c1b9853662f6b8f51a2ac49bb40f866efd86b150645fa1022ee1bdb3

  • SSDEEP

    24576:BTbXKSJdv6m2p17g83rRbJk5o6F9NWWLNMK9mxXwJ:Vbtt2pxgIRb4D51MB

Score
10/10
formbookp94aratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

p94a

Decoy

wishgrove.com

parqueveiculos.com

spiderwebs.online

chulkanadham.com

cdtuan.net

zxazm.com

payment6528832.xyz

fengtaiol.com

bffsmovie.com

aliceseagerfitness.com

garisluruskonsulindo.website

analytical-gutter.net

ahcq8.com

fenyoga.com

ecleptic.cat

conjurecrafts.com

aquaway.date

apenpokkenschoonmaakbedrijf.com

zgramr.top

boweknives.site

Targets

    • Target

      order.scr

    • Size

      1.0MB

    • MD5

      485bbc528dcaa74633658a8fd8fd8c31

    • SHA1

      86974b769a62440f1a0653c1dd98adeb61cad794

    • SHA256

      a21ab3934d22b88cfcabfc0521a8974679b582f4c6691d3ef1ed9721da5d3f5c

    • SHA512

      389fa973415ed9385d8745934eb1145fe1d57409ff4db26bb4b22040c297a1ad99179796c1b9853662f6b8f51a2ac49bb40f866efd86b150645fa1022ee1bdb3

    • SSDEEP

      24576:BTbXKSJdv6m2p17g83rRbJk5o6F9NWWLNMK9mxXwJ:Vbtt2pxgIRb4D51MB

    Score
    10/10
    formbookp94aratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks